openjdk team mailing list archive

Thread
Date

[Bug 1826001] Re: Update openjdk-8 to 8u212 - security fixes are provided

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1826001@xxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Apr 2019 07:02:20 -0000
Reply-to: Bug 1826001 <1826001@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package openjdk-8 - 8u212-b03-0ubuntu1

---------------
openjdk-8 (8u212-b03-0ubuntu1) eoan; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Update to 8u212-b03. LP: #1826001.
  * Security fixes:
    - S8211936, CVE-2019-2602: Better String parsing.
    - S8218453, CVE-2019-2684: More dynamic RMI interactions.
    - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID().
  * Revert to GTK2 as default since GTK3 still has padding and component
    issues:
    - debian/rules: always Build-Depends on libgtk2.0-dev and Depends on
      libgtk2.0-0 instead of relying on gtk3 for some releases.
  * debian/control: add missing dependency on testng (required by the
    testsuites).

  [ Andrej Shadura ]
  * debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS.
    Closes: 922757.

  [ Matthias Klose ]
  * debian/rules, debian/tests/jtdiff-autopkgtest.sh,
    debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh:
    only set the JDK under test and allow jtreg to use its default JDK
    for running the tests.

  [ Thorsten Glaser ]
  * Improve compatibility with older releases. Closes: #925407.
    - debian/rules: determine source date using backwards-compatible
      dpkg-parsechangelog call.
    - debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as
      it can be empty.

 -- Tiago Stürmer Daitx <tiago.daitx@xxxxxxxxxx>  Thu, 25 Apr 2019
21:28:59 +0000

** Changed in: openjdk-8 (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2602

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2684

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2698

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-8 in Ubuntu.
https://bugs.launchpad.net/bugs/1826001

Title:
  Update openjdk-8 to 8u212 - security fixes are provided

Status in openjdk-8 package in Ubuntu:
  Fix Released

Bug description:
  Current OpenJDK 8 version in Ubuntu is 8u191.

  Java is now on 8u212 version

  Debian already updated this in stable:

  https://metadata.ftp-master.debian.org/changelogs//main/o/openjdk-8
  /openjdk-8_8u212-b01-1~deb9u1_changelog

  Debian packages:
  https://packages.debian.org/search?keywords=openjdk-8&searchon=names&suite=all&section=all

  Changelog from OpenJDK:

  https://mail.openjdk.java.net/pipermail/jdk8u-
  dev/2019-April/009115.html

  Seems that source code is already in Launchpad:
  https://launchpad.net/ubuntu/+source/openjdk-8/+changelog

  * Security fixes
    - S8211936, CVE-2019-2602: Better String parsing
    - S8218453, CVE-2019-2684: More dynamic RMI interactions
    - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1826001/+subscriptions